@zymtx5g79k
Last active May 8, 2018 05:02
# Dump one database to a file and load it back, working as the postgres OS user.
sudo su - postgres
# Create dump to file
# --no-owner and --no-acl leave ownership and GRANT/REVOKE statements out of the dump:
# restored objects belong to the role that runs the import, and privileges have to be
# granted again afterwards.
# NOTE(review): /tmp is shared by all local users and the file is created with the
# shell's umask. The dump holds the full database contents, so restrict its
# permissions (or write it somewhere private) and delete it after the import.
/usr/pgsql-9.5/bin/pg_dump --no-owner --no-acl some_db > /tmp/some_db
# Import from file
psql --username=root some_db < /tmp/some_db
---------------------------------------------------
sudo su - postgres
psql
CREATE ROLE postgres_user WITH CREATEDB ENCRYPTED PASSWORD 'password' LOGIN; # don't user upcase in role name!
CREATE DATABASE my_postgres_db OWNER postgres_user;
# ALTER ROLE t1ewr5okz6v0fgjn LOGIN SUPERUSER;
\q
nano /var/lib/pgsql/9.5/data/pg_hba.conf
# ----------------------
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local my_postgres_db postgres_user md5
# ----------------------
/etc/rc.d/init.d/postgresql-9.5 restart
psql -U postgres_user -d my_postgres_db # for local
psql -h localhost -U postgres_user -d my_postgres_db # for host 127.0.0.1/32
----------------- CentOs -------------
# Allow SELinux-confined web server processes to open network connections;
# -P makes the boolean survive a reboot.
# NOTE(review): httpd_can_network_connect permits connections to any port. A narrower
# boolean (for example httpd_can_network_relay) may be enough for a reverse proxy - confirm.
setsebool httpd_can_network_connect on -P
# List the current state of the httpd-related booleans.
getsebool -a | grep httpd
service nginx restart
# NOTE(review): leave these commented out. The INPUT rule matches on the *source* port,
# so it would accept inbound TCP to every local port from any peer that uses source
# port 80. To expose the web server, match on --dport 80 instead; replies to outgoing
# requests are normally covered by a conntrack ESTABLISHED,RELATED rule.
# iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
# /etc/init.d/iptables save
-------------- Nginx --- CentOs ----------- SeLinux -----
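# Build a local SELinux policy module for nginx from the denials it triggers.
# In permissive mode denials are logged but nothing is blocked, so keep the host in
# that state only for as long as it takes to collect the messages.
setenforce 0 # switch enforcement off so that denials are logged to /var/log/audit/audit.log
nano /etc/selinux/config
# set SELINUX=permissive
reboot
# http://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/
# Label the web application tree. Only the uploads directory gets the read-write type.
semanage fcontext -a -t httpd_sys_content_t "/webapps(/.*)?"
semanage fcontext -a -t httpd_log_t "/webapps/logs(/.*)?"
semanage fcontext -a -t httpd_cache_t "/webapps/cache(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/webapps/app1/public_html/uploads(/.*)?"
# semanage only records the rules; restorecon applies the labels to the existing files.
restorecon -Rv /webapps
# Send requests to the server so that the denials show up in /var/log/audit/audit.log.
# http://stackoverflow.com/questions/27435655/nginx-proxy-pass-not-working-in-selinux
grep nginx /var/log/audit/audit.log | grep denied | audit2allow -m nginx > nginx.te
# Read the generated rules before installing them: audit2allow turns every logged
# denial into an allow rule, including ones that should stay denied.
cat nginx.te
grep nginx /var/log/audit/audit.log | grep denied | audit2allow -M nginx
semodule -i nginx.pp
setenforce 1 # switch enforcement back on
nano /etc/selinux/config
# set SELINUX=enforcing
reboot
# Watch TCP traffic to check that requests get through (-p: no promiscuous mode).
tcpdump -p tcp
setsebool -P httpd_can_network_connect 1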
@ajahongir

# Service control commands for nginx (SysV "service" wrapper).
service nginx stop
service nginx start
service nginx restart
# Stop and start Redis through its init script.
/etc/init.d/redis_6379 stop
/etc/init.d/redis_6379 start

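# SELinux file-context rules for the cryptocoin_staging deployment.
# NOTE(review): the "*" of "(/.*)?" appears to have been lost when the comment was
# rendered (two patterns were also split across lines); it is restored here.
# The "/" that preceded "(/.*)?" in three of the paths is dropped as well: with it the
# pattern only matches paths containing a double slash, so files below the directory
# would not get the label.
semanage fcontext -a -t httpd_sys_content_t "/var/www/cryptocoin_staging(/.*)?"
semanage fcontext -a -t httpd_log_t "/var/log/nginx(/.*)?"
semanage fcontext -a -t httpd_cache_t "/var/www/cryptocoin_staging/current/tmp/cache(/.*)?"
# Only the uploads directory gets the read-write content type.
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/cryptocoin_staging/current/public/uploads(/.*)?"
# semanage only records the rules; restorecon applies the labels to the existing files.
restorecon -Rv /var/www/cryptocoin_staging /var/log/nginx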
